Detailed explanation of mysql permissions and security

1. The MySQL permission system authenticates through two stages:

　(A) Identity authentication of users, combining IP address and user name,

　(B) Granting authorization to legal users The corresponding permissions and permissions table are loaded into memory when the database is started.

2. In the permission access process, the three permission tables of user, host and db in the "mysql" database will be used. Two-stage verification process

　(A) The host, user and password in the user table determine whether the connection is possible.

　(B) Permission table sequence user->db->tables_priv->columns_priv.

　Each permission in the user table represents a permission for all databases, and each permission in the db table represents a permission for a specific database.

3. Account Management

There are two ways to create an account: use GRANT syntax to create or directly operate the authorization table. The first one is recommended.

To modify permissions, you can use the GRANT and REVOKE commands.

4. Security Issues

　(A) Strictly control operating system accounts and permissions

　(B) Try to avoid running MySQL with root privileges

　(C ) Prevent DNS spoofing

　(D) Delete anonymous account

　(E) Set a password for the root account

　(F) Set a secure password

　(G ) Only grant necessary permissions to the account

　(H) Only allow root to have access permissions to the user table of the mysql library

　(I) Only allow administrators to have FILE, PROCESS and SUPER permissions

　(J) DROP TABLE will not recycle previous related access authorization

　(K) Use SSL

　(L) Add IP restrictions to all users

(M) Pay attention to the vulnerabilities of the REVOKE command

The above is the detailed content of Detailed explanation of mysql permissions and security. For more information, please follow other related articles on the PHP Chinese website!